x86, kaslr: boot-time selectable with hibernation Changes kASLR from being compile-time selectable (blocked by CONFIG_HIBERNATION), to being boot-time selectable (with hibernation available by default) via the "kaslr" kernel command line. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit: 24f2e0273f80ec262a772059e140a0adef35296d [log] [tgz]
author: Kees Cook <keescook@chromium.org> Fri Jun 13 13:30:36 2014 -0700
committer: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Mon Jun 16 23:30:44 2014 +0200
tree: abc4fadb0de6845ed9c4b88918f14b54e5d213c5
parent: a6e15a39048ec3229b9a53425f4384f55f6cc1b3 [diff] [blame]
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index 4dbf967..fc6091a 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c

@@ -289,10 +289,17 @@
 	unsigned long choice = (unsigned long)output;
 	unsigned long random;
 
-	if (cmdline_find_option_bool("nokaslr")) {
-		debug_putstr("KASLR disabled...\n");
+#ifdef CONFIG_HIBERNATION
+	if (!cmdline_find_option_bool("kaslr")) {
+		debug_putstr("KASLR disabled by default...\n");
 		goto out;
 	}
+#else
+	if (cmdline_find_option_bool("nokaslr")) {
+		debug_putstr("KASLR disabled by cmdline...\n");
+		goto out;
+	}
+#endif
 
 	/* Record the various known unsafe memory ranges. */
 	mem_avoid_init((unsigned long)input, input_size,
commit	24f2e0273f80ec262a772059e140a0adef35296d	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Fri Jun 13 13:30:36 2014 -0700
committer	Rafael J. Wysocki <rafael.j.wysocki@intel.com>	Mon Jun 16 23:30:44 2014 +0200
tree	abc4fadb0de6845ed9c4b88918f14b54e5d213c5
parent	a6e15a39048ec3229b9a53425f4384f55f6cc1b3 [diff] [blame]